Sun logo      Previous      Contents      Index      Next     

Sun ONE Identity Server 6.1 Migration Guide

Chapter 1
Upgrading from Identity Server 6.0 to Identity Server 6.1

This chapter provides instructions for upgrading Sun ONE Identity Server versions 6.0 and 6.0 SP1 to Identity Server 6.1. Topics include:

Before You Begin

In order to upgrade from Identity Server 6.0 to version 6.1, you must run the Java Enterprise System installer. Use the Java Enterprise System Installation Guide for detailed information about hardware and software requirements, and about other pre-installation issues you need to resolve. Also make note of the following points, and resolve any additional issues that apply to your Identity Server 6.0 deployment:

Overview of Upgrade Tasks

Note that you can combine steps 2 and 3 into one step by using the Java Enterprise System installer to install both Web Server 6.1 and Identity Server 6.1 during the same session. This chapter provides separate installation instructions for each product simply to make the instructions more clear when you’re upgrading your first Identity Server instance.

  1. Run the Identity Server pre-upgrade script.

    2. This script backs up your current Identity Server 6.0 configuration files, removes all Identity Server 6.0 packages, removes Web Server 6.0 packages, and cleans up the product registry.

    See "To Run the Pre-Upgrade Script" for detailed information.

  2. Run the Java Enterprise System installer to install Web Server 6.1.

    3. If you installed Identity Server 6.0 against Application Server 7.0, this step is not necessary. Identity Server 6.1 will work with Application Server 7.0.

    See "Installing Sun ONE Web Server 6.1" for detailed information.

  3. Run the Java Enterprise System installer to install Identity Server 6.1.

    4. During installation, the new packages used in Identity Server 6.1 are added.

    See "To Install Identity Server 6.1" for more information.

  4. Run the Identity Server post-upgrade script.

    5. This script adds Identity Server 6.1 schema to the directory tree, adds new Identity Server services, and updates existing Identity Server services, attributes, and other directory entries as necessary.

    See "To Run the Post-Upgrade Script" for detailed information.

  5. If you customized your Identity Server 6.0 installation, then you must manually redo the customization in your Identity Server 6.1 installation.

Using the Pre-Upgrade Script

Before you run the pre-upgrade script, be sure that Directory Server is up and running, and that Identity Server 6.0 and Web Server 6.0 are stopped. Once you run the script, be sure to allow it to finish completely. If you stop the script before it has completely finished, the results will be unpredictable.

Caution

The changes you make when you run the pre-upgrade script are permanent and cannot be undone.

Detailed instructions are included in the following steps.

To Run the Pre-Upgrade Script

  1. Make sure that Directory Server is up and running. Restart Identity Server 6.0 by following these steps:
    1. In the directory IdentityServer_base/SUNWam/bin, execute the amserver stop command.
    2. In the directory IdentityServer_base/SUNWam/bin, execute the amserver start command.
  2. Make sure that Identity Server and Web Server 6.0 are stopped. In the directory IdentityServer_base/SUNWam/bin, execute the amserver stop command.
  3. In the directory where the Java Enterprise System installer exists, run the script pre-upgrade script. Example:

    4. # cd JavaEnterpriseSystem_Base/Product/identity_srv/Tools

    #./pre60to61upgrade

  4. When prompted, provide the following information:

    5. Directory Server fully-qualified hostname: Enter the host name of the system where Directory Server is installed. Example: hostName.domainName.

    Directory Server port: The default value is 389.

    Top-Level Administrator DN: Enter the DN of the administrator who has unrestricted access to Identity Server entries in the directory.
    Example: uid=amAdmin,ou=People,dc=iplanet,dc=com

    Top-Level Administrator password: Enter the password for the Top-Level Administrator specified above.

    Enter directory to store back up files: Enter the path to the directory where you want to store back up Identity Server files. Example: /opt

Installing Sun ONE Web Server 6.1

This chapter provides separate instructions for installing Web Server 6.1 and Identity Server 6.1. This is intended to make the instructions more clear when you upgrade an instance of Identity Server for the first time. In practice, you can use the Java Enterprise System installer to install both products during the same session. This will save you time when you need to update multiple instances of Identity Server.

Note

When upgrading Identity Server for the first time, it’s a good practice to install Web Server 6.1, and then confirm that installation was successful, before installing Identity Server 6.1. If the Web Server installation is unsuccessful, then Identity Server installation will fail.

For the most part, you should refer to the documentation that comes with the Java Enterprise System installer for system requirements and detailed installation steps. However, during installation you must provide some parameters that were used when Web Server 6.0 was installed. Be sure to review the following steps before you start the Java Enterprise System installer.

To Install Sun ONE Web Server 6.1

  1. In the directory where the Java Enterprise System installer exists, run the installer command:

    2. ./installer

  2. In the Welcome window, click Next.
  3. In the Software License Agreement window, to accept the terms, click “Yes, Accept License.”
  4. In the Language Support window, select the language applicable to your system, and click Next.
  5. In the Component Selection window, select only "Sun ONE Web Server 6.1.” Be sure that all other components are deselected, and then click Next.
  6. If a message similar to the following is displayed:

    JAVA[tm] 2 Standard Edition Software Development Kit (SDK) Update Required.

    Sun Java(tm) Enterprise System requires a different version thatn the one currently installed.

    Upgrade the existing J2SE SDK?

    7. then select “Upgrade the exsiting J2SE SDK,” and then click OK. Otherwise, skip to the next step.

  7. In the Shared Component Upgrades Required window, click Next.
  8. In the Installation Directories window, provide the following information, and then click Next:

    9. Web Server: Enter the path to the directory where Web Server will be installed. The the default location is /opt/SUNWwbsvr.

  9. In the Checking System Requirements, after the checking is finished, click Next.
  10. In the Configuration Type Panel, select Custom Configuration, and then click Next.
  11. In the Common Server Settings window, provide the following information, and then click Next.

    12. Host Name: Enter the fully-qualified name of the computer system where Web Server will be installed.

    DNS Domain Name: The default value is displayed.

    Host IP Address: The default value is displayed.

    Administrator User ID: Enter the same user ID specified for the web Server when Identity Server 6.0 was installed. The default user ID is admin.

    Administrator Password: Enter the same value that was entered when Identity Server 6.0 was installed.

    Retype Password: Enter the same password again to confirm it.

    System User: Enter the name of the user ID to run Web Server as. The default is root.

    System Group: Enter the name of the group to run Web Server as. The default is other.

  12. In the Web Server: Administration window (1 of 2), provide the following information, and then click Next:

    13. Administrator User ID: Enter the same value you entered when you installed Identity Server 6.0. The default value is carried forward from the Server Settings window.

    Administrator Password: Enter the same value you entered when you installed Identity Server 6.0. The default value is carried forward from the Server Settings window.

    Retype Password: Enter the same password again to confirm it.

    Web Server Domain Name: Enter the fully-qualified name of the computer system where Web Server will be installed.

    Administration Port: The default value is 8888. The Identity Server 6.0 default value was 58888.

    Administration Runtime User ID: The default value is root.

  13. In the Web Server: Default Web Server Instance window (2 of 2), provide the following information, and then click Next:

    14. Runtime User ID: The default value is root.

    Runtime Group: The default value is other.

    HTTP Port: The default value is 80. The default value for Identity Server 6.0 was 58080.

    Document Root Directory: Enter the path to the directory where content documents are stored. Example:

    /opt/SUNWwbsvr/docs

    Automatically start Web Server when system restarts. By default, this is enabled.

  14. In the Ready to Install window, when you’re satisfied that all selections are correct, click Next. To change any of your settings, click Back.
  15. In the Product Registration window, Next to continue.
  16. If a regtool.sh message similar to the following is displayed:

    Dear User,

    We have found that <hostName> has not been registered, or the information has changed since it was last registered. The registration information is very important for SunIR staff to ensure that your system is secure, copyright-compliant, and data protective.

    ...

    17. then enter yes to continue.

  17. If you selected “Open registration window during installation” in step Step 14, then click Getting Started window will be displayed. In the browser window, click File>Close to dismiss the Getting Started window and to end the installation program. Skip to Step 19.
  18. If the Installation Complete window is displayed, then click click Close.
  19. (Optional) Check to make sure that installation succeeded.
    1. An instance of Web Server should exist in the appropriate installation directory. Example:

      2. /opt/SUNWwbsvr/https-hostName.domainName

    2. You should be able to point a browser to the new Web Server instance.

      3. First, start the Web Server. In the directory WebServer_base/SUNWam/servers/https-hostName.domainName, execute the start command.

      Then point a browser to the following URL:

        http://hostName.domainName:58080

      where hostName.domainName is the name of the host computer where you installed Web Server 6.1, and 58080 is the Web Server port number you specified. The Web Server home page should display.

Installing Identity Server 6.1

To install Identity Server 6.1, you must run the Java Enterprise System installer. For the most part, you should refer to the documentation that comes with the Java Enterprise System installer for system requirements and detailed installation steps. However, during installation you must provide some parameters that were used when Identity Server 6.0 was installed. Be sure to review the following steps before you start the Java Enterprise System installer.

To Install Identity Server 6.1

  1. In the directory where the Java Enterprise System installer exists, run the installer command:

    2. ./installer

  2. In the Welcome window, click Next.
  3. In the Software License Agreement window, to accept the terms, click “Yes, Accept License.”
  4. In the Language Support window, select the language applicable to your system, and click Next.
  5. In the Component Selection window, under “Sun ONE Identity Server 6.1,” expand the Identity Server 6.1 listing, and then check the following option:

    6.   Identity Management and Policy Services Core

    If the Sun ONE Message Queue3.0.1 SP2 component is automatically selected, leave it selected. The Sun ONE Identity Server 6.1 component will be automatically be selected; leave it selected.

    Then make sure that all other components are deselected, and click Next.

  6. If a message similar to this one displays, ignore it and click Continue:

    7. "Product Dependency Checks"

    You have not selected to install any Point product to satisfy the

    dependency required by Identity Server. Instead you

    could have selected: SunONEWebServer, appserv, External Containers You     haven’t selected to install a local Directory Server required by these

    Products: Identity and Service Management Services. You

    can point to a remote installation of Directory Server when you configure

    the products mentioned in the list. However if you wish, you could

    also select to install Directory Server locally and use it for     configuring Identity and Service Management Services.

  7. In the Installation Directories window, enter the path to the directory where you want to install Identity Server 6.1, and then click Next.

    8. Identity Server: Enter the path to the directory where you want to install Identity Server 6.1. The default is /opt.

  8. In the Checking System Requirements window, when checking is completed, click Next.
  9. In the Configuration Type Panel, select Custom Configuration, and then click Next.
  10. In the Common Server Settings window, provide the following information, and then click Next:

    11. Host Name: Enter the name of the computer system where Identity Server will be installed.

    DNS Domain Name: The default value is displayed.

    Host IP Address: The default value is displayed.

    Administrator User ID: The default value is admin.

    Administrator Password: Enter the same value that was entered for amadmin when Identity Server 6.0 was installed.This value is carried forward to the Identity Server: Administration window.

    Retype Password: Enter the same password again to confirm it.

    System User: Enter the name of the user ID to run Identity Server as. The default is root.

    System Group: Enter the name of the group to run Identity Server as. The default is other.

  11. In the Identity Server: Administration window (1 of 6), provide the following information, and then click Next:

    12. Administrator User ID: The default is amadmin. You cannot change this value.

    Administrator Password: Enter the password that was used for Identity Server 6.0 amadmin. The default value is carried forward from the Server Settings window.

    Retype Password: Enter the password again to confirm it if necessary.

    LDAP User ID: This is the user ID that was used in Identity Server 6.0 to bind to the directory for authentication. The default is amldapuser. This value cannot be changed.

    LDAP Password: Enter the password specified for the Identity Server 6.0 amldapuser.

    Retype Password: Enter the password again to confirm it.

    Password Encryption Key: Change the default value to the Identity Server 6.0 encryption key:

    KmhUnWR1MYWDYW4xuqdF5nbm+CXIyOVt

  12. In the Identity Server: Web Container window (2 of 6), provide the following information, and then click Next:

    13. Web Container: For this example, select “Sun ONE Web Server.”

  13. In the Identity Server: Web Container window (3 of 6), provide the following information, and then click Next:

    14. Host Name: Enter the fully-qualified name of the computer system where Identity Server 6.1 is to be installed. Example: hostName.domainName

    Web Server Port: The default is 80. The default value for Identity Server 6.0 is 58080.

    Web Server Instance Directory: Enter the path to the directory where the Web Server instance exists. Example: /opt/SUNWwbsvr/https-hostName.domainName

    Document Root Directory: Enter the path to the directory were the server’s content documents exist. Example: /opt/SUNWwbsvr/docs

    Is server instance port secure? Mark this box if to indicate that the web server is Secure Sockets Layer (SSL)-enabled. Leave the box unmarked if the web server is not SSL-enabled.

  14. In the window titled “Identity Server: Web Container for running Sun ONE Identity Server Services (4 of 6),” provide the following information, and then click Next:

    15. Host: Enter the fully-qualified hostname of the computer system where the Web Container is installed. Example: hostName.domainName

    Services Deployment URI: The Universal Resource Identifier (URI) prefix is a string that tells the Web Server where to look for HTML pages associated with a service and also for web application-specific information such as classes and jars. Enter the string that was entered when Identity Server 6.0 was installed. The default URI prefix is amserver.

    Common Domain Deployment URI: This URI determines the mapping between a string you specify and a deployed application.Enter the string that was entered when Identity Server 6.0 was installed. The default is amcommon.

    Cookie Domain: Enter the name of the domain for which Identity Server sets cookies. Example: .domainName

    Deploy Console with this service? Select Yes.

    Console Host (for existing console): If an administration console was installed for Identity Server 6.0, this is the name of the computer on which the console was installed. It cannot be changed. Example: hostName.domainName

    Console Port (for existing console): If an administration console was installed for Identity Server 6.0, this value is taken from the previous window. It cannot be changed.

    Console Deployment URI: This URI prefix tells the Web Server where to look for HTML pages associated with the Identity Server console and also for other web application-specific information such as classes and jars. The default URI prefix is amconsole. Enter the string that was entered when the Identity Server 6.0 console was installed.

    Password Deployment URI: Enter the URI to be used for the new Password Reset service. The default is ampassword.

  15. In the window Identity Server: Directory Server Information window (5 of 6), provide the following information, and then click Next:

    16. Directory Server Host: Enter the fully-qualified name of the computer system on which Directory Server is installed.

    Directory Server Port: Enter the port number for the Directory Server you specified.The default value for Identity Server 6.0 is 389.

    Identity Server Directory Root Suffix: Enter the base DN that indicates the part of the directory tree that is managed by Identity Server.

    Example: dc=iplanet,dc=com

    Refer to the com.iplanet.am.rootsuffix property in the Identity Server 6.0 AmConfig.properties file.

    Directory Manager DN: Enter the base DN of the who has unrestricted access to the Directory Server. Enter the Example: cn=Directory Manager

    Directory Manager Password: Enter the same Directory Manager password that was entered when Identity Server 6.0 was installed.

  16. In the Identity Server: Existing Provisioned Directory window (6 of 6), provide the following information, and then click Next:

    17. Is the Directory Server provisioned with user data? Click Yes.

    Organization Marker Object Class: Enter the object class used for organizations in the existing directory tree. The default is sunManagedOrganization.

    Organization Naming Attribute: Enter the naming attribute used for organizations in the existing directory tree. The default is o.

    User Marker Object Class: Enter object class used for users in the existing directory tree. The default is iplanet-am-user-service.

    User Naming Attribute: Enter the naming attribute used for users in the existing directory tree. The default is uid.

  17. In the Ready to Install window, when you’re satisfied that the settings are correct, click Next. To make changes to your settings, click Back.
  18. In the Product Registration window, Next to continue.
  19. If you selected “Open registration window during installation” in step Step 14, then click Getting Started window will be displayed. In the browser window, click File>Close to dismiss the Getting Started window and to end the installation program. Skip to Step 19.
  20. If the Installation Complete window is displayed, click Close.

Using the Post-Upgrade Script

The post-upgrade script updates schema in your existing directory tree from Identity Server 6.0 to Identity Server 6.1.

Note

Before you run the post-upgrade script, be sure that Directory Server is up and running, and that Web Server is not running. In the middle of the script, you’ll be asked to restart the Directory Server before the script can continue. You will also be instructed to restart both the Directory Server and Web Server in order for the changes to take effect.

To Run the Post-Upgrade Script

  1. Run the script Upgrade60DitTo61. You’ll find this script in the following location:

    2. IdentityServer_Base/SUNWam/migration/60to61/scripts

  2. When prompted, provide the following information:

    3. Directory Server fully-qualified hostname: Enter the host name of the system where Directory Server is installed. Example: hostName.domainName

    Directory Server port: The default value is 389.

    Directory Manager DN: Enter the DN of the user who has unrestricted access to Directory Server. Example: cn=Directory Manager.

    Directory Manager password: Enter the password for the Directory Manager specified above.

    Top-Level Administrator DN: Enter the DN of the administrator who has unrestricted access to Identity Server entries in the directory.
    Example: uid=amAdmin,ou=People,dc=iplanet,dc=com

    Top-Level Administrator password: Enter the password for the Top-Level Administrator specified above.

  3. When prompted by the script, restart Directory Server.
  4. When Directory Server has been restarted, return to the script and press Enter to continue.
  5. After the script has completed, the following message is displayed:

    6. YOU MUST RESTART THE DIRECTORY AND WEB SERVERS FOR THE UPGRADE CHANGES TO TAKE EFFECT.

    First restart Directory Server, and then restart Web Server. After both servers have been restarted, you should verify that the upgrade was successful. To start Identity Server, use a browser to go to the following URL:

    http://hostName.domainName:58080/amconsole



Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.